Bug 210522 - www/node010: Update to 0.10.46
Summary: www/node010: Update to 0.10.46
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kurt Jaeger
URL:
Keywords: patch, patch-ready
Depends on:
Blocks:
 
Reported: 2016-06-24 10:32 UTC by Bradley T. Hughes
Modified: 2016-06-30 05:52 UTC (History)
1 user (show)

See Also:
bhughes: maintainer-feedback+


Attachments
patch from a git commit, apply with patch -p1 (1.91 KB, text/plain)
2016-06-24 10:32 UTC, Bradley T. Hughes
bhughes: maintainer-approval+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Bradley T. Hughes freebsd_committer freebsd_triage 2016-06-24 10:32:55 UTC
Created attachment 171745 [details]
patch from a git commit, apply with patch -p1

Notable changes:

This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details on patched vulnerabilities.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at https://github.com/libuv/libuv/issues/515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.

See the full release announcement here:
https://nodejs.org/en/blog/release/v0.10.46/
Comment 1 Bradley T. Hughes freebsd_committer freebsd_triage 2016-06-24 10:34:48 UTC
poudriere testport passes on 10.3-RELEASE amd64 jail.
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-06-30 05:51:13 UTC
A commit references this bug:

Author: pi
Date: Thu Jun 30 05:50:34 UTC 2016
New revision: 417810
URL: https://svnweb.freebsd.org/changeset/ports/417810

Log:
  www/node010: 0.10.45 -> 0.10.46

  This is a security release. Please read
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
  for details.

  - libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
    implementation for Windows XP and Windows 2003 that can lead to
    undefined and potentially unsafe behaviour. More information can be
    found at https://github.com/libuv/libuv/issues/515
  - V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
    discovered in V8, more details can be found in the CVE at
    https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669

  PR:		210522
  Changes:	https://nodejs.org/en/blog/release/v0.10.46/
  Submitted by:	Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer)

Changes:
  head/www/node010/Makefile
  head/www/node010/distinfo
Comment 3 Kurt Jaeger freebsd_committer freebsd_triage 2016-06-30 05:52:51 UTC
Committed, thanks. No MFH as new quarterly is just around the corner.